Astounding flaws, reported by both Symantec and Ars Technica... What happened to OpSec? As importantly: The true ramifications for our country are yet unknown... Unless of course, this and other 'leaks' of the same or similar ilk - are, in fact - structured information operations of the highest caliber. Crafted to ensnare the miscreant espionage bounders wandering amongst us... You be the judge.

Key Findings

The Buckeye attack group was using Equation Group tools to gain persistent access to target organizations at least a year prior to the Shadow Brokers leak.

Variants of Equation Group tools used by Buckeye appear to be different from those released by Shadow Brokers, potentially indicating that they didn't originate from that leak.

Buckeye's use of Equation Group tools also involved the exploit of a previously unknown Windows zero-day vulnerability. This zero day was reported by Symantec to Microsoft in September 2018 and patched in March 2019.

While Buckeye appeared to cease operations in mid-2017, the Equation Group tools it used continued to be used in attacks until late 2018. It is unknown who continued to use the tools. They may have been passed to another group or Buckeye may have continued operating longer than supposed. - via Symantec Corporation's Threat Intelligence Blog

IARPA's doing it, the Neuromongers did it, why not You? Well-crafted report on the methodology behind applying the power behind the ignorance and wisdom of the crowd... Known as the Crowdsourcing Evidence, Argumentation, Thinking and Evaluation (CREATE), IARPA's new program ostensibly may enhance intelligence analysts' capability levels by leveraging the behavior of crowdsourced resources. Today's Must Read.

Tracking, that is, with the assistance of Intel Corporation (NASDAQ: INTC), that benevolent arbiter of all things computational... El Reg has conveniently provided a FAQ (direct from the chip fabricator) in their superlatively reported post. Today's Must Read.

via the inimitable Dan Goodin and writing at Ars Technica, wherein the good Mr. Goodin, in a display of remarkable restraint, tells the tale of the discovery of code (in this case not 'authorized') making itself at home in Juniper network componentry. In this case, firewall network componentry. Ooops